Windows Systems Infected By Kernel Rootkit



#1 Kaptain Petey


Posted 19 November 2010 - 02:00 AM

I have tried just about everything I can think of that you have suggested. I have 12 different systems that have been hit hard by this nasty bug. It has driven me to ask you guys for help or suggestions on what I need to do. Below are some of the files that I have copied using ComboFix, Malwarebytes and a few others. I would really appreciate some experienced life-saving help. I am lost. I have tried to reformat the hard drives, put different operating systems from Windows 7 to Windows 98... bought most of these computers from eBay. I even went and bought a few new ones... only to be hit by the nasty rootkit again. I have tried to clean the hard drives but was not really successful with that either. This thing likes to hide in my memory, PCI video cards, PCI sound cards, as well as my keyboards Bluetooth and all... I am at your mercy and would much appreciate advice on what I need to do.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-24 13:02:02
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38
Running: rfj10hce.exe; Driver: C:\Users\Amd240\AppData\Local\Temp\kxryqpob.sys


---- System - GMER 1.0.15 ----

SSDT 86842150 ZwAlertResumeThread
SSDT 86842BC8 ZwAlertThread
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x98334328]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x98332A8C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x9833255E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x9F0B6AF0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x9833264C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x983391F8]
SSDT 869F52E8 ZwCreateMutant
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x9833246A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x983304F2]
SSDT 869F9960 ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x9F0B6B40]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x98331768]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x98331D22]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x9833232C]
SSDT 869F0298 ZwFreeVirtualMemory
SSDT 86848AB8 ZwImpersonateAnonymousToken
SSDT 86846EA0 ZwImpersonateThread
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x9833324C]
SSDT 869F0138 ZwMapViewOfSection
SSDT 8684D280 ZwOpenEvent
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x98339554]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x9F0B7490]
SSDT 861D4658 ZwOpenProcessToken
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x983307B4]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x9F0B7320]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x9F0B6BE0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x98333940]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x98332CB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x98332F14]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x983320CE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x9833286E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x9F0B6AA0]
SSDT 869F1EC0 ZwSetInformationProcess
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x98333FDC]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x98333186]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x983321FE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x98331F7A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x98331E40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x9F0B7630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x9F0B6C80]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x98333414]
SSDT 861D7148 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x9F0B7000]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288D579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 828B9724 8 Bytes [50, 21, 84, 86, C8, 2B, 84, ...] {PUSH EAX; AND [ESI+EAX*4-0x797bd438], EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 828B973C 4 Bytes [28, 43, 33, 98] {SUB [EBX+0x33], AL; CWDE }
.text ntkrnlpa.exe!RtlSidHashLookup + 248 828B9748 8 Bytes [8C, 2A, 33, 98, 5E, 25, 33, ...] {MOV WORD [EDX], GS; XOR EBX, [EAX-0x67ccdaa2]}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 828B979C 4 Bytes [F0, 6A, 0B, 9F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828B97DC 4 Bytes [4C, 26, 33, 98]
.text ...
? system32\drivers\NIS\1007000.01E\SYMEFA.SYS The system cannot find the file specified. !
? system32\drivers\NIS\1007000.01E\SYMTDI.SYS The system cannot find the file specified. !
? C:\Windows\system32\Drivers\SYMEVENT.SYS The system cannot find the file specified. !
? system32\drivers\NIS\1007000.01E\SYMNDISV.SYS The system cannot find the file specified. !
? system32\drivers\NIS\1007000.01E\SYMFW.SYS The system cannot find the file specified. !
? C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101118.005\IDSvix86.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9082E000, 0x2CAF9A, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 982E3000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 982E3123 629 Bytes [E5, 2D, 98, FE, 05, 34, E5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 982E3399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 982E33FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 982E34AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
? C:\Users\Amd240\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
.text autochk.exe 004511D1 19 Bytes [FD, FF, FF, 8B, 95, CC, FD, ...]
.text autochk.exe 004511E7 15 Bytes [8B, 8D, C8, FD, FF, FF, E8, ...]
.text autochk.exe 004511F8 67 Bytes [8B, 8D, 40, FE, FF, FF, E8, ...]
.text autochk.exe 0045123C 1 Byte [00]
.text autochk.exe 0045123C 17 Bytes [00, 00, 8B, 8D, C0, FD, FF, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Online Armor\OAhlp.exe[1084] USER32.dll!LoadStringA 763D6563 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAhlp.exe[1084] USER32.dll!LoadStringW 763E5533 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!CreateWindowExW 763E0E51 5 Bytes JMP 6F167AA7 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxIndirectParamW 76404AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxIndirectParamW 76404AA7 5 Bytes JMP 6F2B58AB C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxParamW 7640564A 5 Bytes JMP 6F08490B C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxParamA 7641CF6A 5 Bytes JMP 6F2B5848 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!DialogBoxIndirectParamA 7641D29C 5 Bytes JMP 6F2B590E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxIndirectA 7642E8C9 5 Bytes JMP 6F2B57DD C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxIndirectW 7642E9C3 5 Bytes JMP 6F2B5772 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxExA 7642EA29 5 Bytes JMP 6F2B5710 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] USER32.dll!MessageBoxExW 7642EA4D 5 Bytes JMP 6F2B56AE C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] WS2_32.dll!WSASocketW + 6 75CC3D21 1 Byte [CC] {INT 3 }
.text C:\Program Files\Internet Explorer\iexplore.exe[2120] ole32.dll!OleLoadFromStream 75DE5B88 5 Bytes JMP 6F2B5B74 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!UnhookWindowsHookEx 763DCC7B 5 Bytes JMP 6F177E18 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!CallNextHookEx 763DCC8F 5 Bytes JMP 6F1594EC C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!CreateWindowExW 763E0E51 5 Bytes JMP 6F167AA7 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!SetWindowsHookExW 763E210A 5 Bytes JMP 6F114243 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!DialogBoxIndirectParamW 76404AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!DialogBoxIndirectParamW 76404AA7 5 Bytes JMP 6F2B58AB C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!DialogBoxParamW 7640564A 5 Bytes JMP 6F08490B C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!DialogBoxParamA 7641CF6A 5 Bytes JMP 6F2B5848 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!DialogBoxIndirectParamA 7641D29C 5 Bytes JMP 6F2B590E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!MessageBoxIndirectA 7642E8C9 5 Bytes JMP 6F2B57DD C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!MessageBoxIndirectW 7642E9C3 5 Bytes JMP 6F2B5772 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!MessageBoxExA 7642EA29 5 Bytes JMP 6F2B5710 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] USER32.dll!MessageBoxExW 7642EA4D 5 Bytes JMP 6F2B56AE C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] WS2_32.dll!WSASocketW + 6 75CC3D21 1 Byte [CC] {INT 3 }
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] ole32.dll!OleLoadFromStream 75DE5B88 5 Bytes JMP 6F2B5B74 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4140] ole32.dll!CoCreateInstance 75E357FC 5 Bytes JMP 6F168595 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CreateDialogParamW 763D9BFF 5 Bytes JMP 6F0BC2C8 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!EnableWindow 763DA72E 5 Bytes JMP 6F0BC243 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!GetAsyncKeyState 763DC09A 5 Bytes JMP 6F07D6D1 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!UnhookWindowsHookEx 763DCC7B 5 Bytes JMP 6F177E18 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CallNextHookEx 763DCC8F 5 Bytes JMP 6F1594EC C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CreateWindowExW 763E0E51 5 Bytes JMP 6F167AA7 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!SetWindowsHookExW 763E210A 5 Bytes JMP 6F114243 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!GetKeyState 763E4FDA 5 Bytes JMP 6F0BD47E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!IsDialogMessageW 763E6F06 5 Bytes JMP 6F083FE8 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CreateDialogParamA 763F3E79 5 Bytes JMP 6F2B61B3 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!IsDialogMessage 763F407A 5 Bytes JMP 6F2B5BBF C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CreateDialogIndirectParamA 763F9110 5 Bytes JMP 6F2B61EA C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!CreateDialogIndirectParamW 764008AD 5 Bytes JMP 6F2B6221 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!DialogBoxIndirectParamW 76404AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!DialogBoxIndirectParamW 76404AA7 5 Bytes JMP 6F2B58AB C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!EndDialog 7640555C 5 Bytes JMP 6F085873 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!DialogBoxParamW 7640564A 5 Bytes JMP 6F08490B C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!SetKeyboardState 76406B52 5 Bytes JMP 6F2B5F24 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!SendInput 76407055 5 Bytes JMP 6F2B68A0 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!DialogBoxParamA 7641CF6A 5 Bytes JMP 6F2B5848 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!DialogBoxIndirectParamA 7641D29C 5 Bytes JMP 6F2B590E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!MessageBoxIndirectA 7642E8C9 5 Bytes JMP 6F2B57DD C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!MessageBoxIndirectW 7642E9C3 5 Bytes JMP 6F2B5772 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!MessageBoxExA 7642EA29 5 Bytes JMP 6F2B5710 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!MessageBoxExW 7642EA4D 5 Bytes JMP 6F2B56AE C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] USER32.dll!keybd_event 7642EC9B 5 Bytes JMP 6F2B6AD3 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] WS2_32.dll!WSASocketW + 6 75CC3D21 1 Byte [CC] {INT 3 }
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] ole32.dll!OleLoadFromStream 75DE5B88 5 Bytes JMP 6F2B5B74 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] ole32.dll!CoCreateInstance 75E357FC 5 Bytes JMP 6F168595 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] SHELL32.dll!SHChangeNotification_Lock + 45BE 76C0B3D8 4 Bytes [11, 36, 1A, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[4440] SHELL32.dll!SHChangeNotification_Lock + 45C6 76C0B3E0 8 Bytes [5F, 35, 1A, 70, D0, 73, 19, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateDialogParamW 763D9BFF 5 Bytes JMP 6F0BC2C8 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!EnableWindow 763DA72E 5 Bytes JMP 6F0BC243 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!GetAsyncKeyState 763DC09A 5 Bytes JMP 6F07D6D1 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!UnhookWindowsHookEx 763DCC7B 5 Bytes JMP 6F177E18 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CallNextHookEx 763DCC8F 5 Bytes JMP 6F1594EC C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateWindowExW 763E0E51 5 Bytes JMP 6F167AA7 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!SetWindowsHookExW 763E210A 5 Bytes JMP 6F114243 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!GetKeyState 763E4FDA 5 Bytes JMP 6F0BD47E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!IsDialogMessageW 763E6F06 5 Bytes JMP 6F083FE8 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateDialogParamA 763F3E79 5 Bytes JMP 6F2B61B3 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!IsDialogMessage 763F407A 5 Bytes JMP 6F2B5BBF C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateDialogIndirectParamA 763F9110 5 Bytes JMP 6F2B61EA C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!CreateDialogIndirectParamW 764008AD 5 Bytes JMP 6F2B6221 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxIndirectParamW 76404AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxIndirectParamW 76404AA7 5 Bytes JMP 6F2B58AB C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!EndDialog 7640555C 5 Bytes JMP 6F085873 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxParamW 7640564A 5 Bytes JMP 6F08490B C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!SetKeyboardState 76406B52 5 Bytes JMP 6F2B5F24 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!SendInput 76407055 5 Bytes JMP 6F2B68A0 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxParamA 7641CF6A 5 Bytes JMP 6F2B5848 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!DialogBoxIndirectParamA 7641D29C 5 Bytes JMP 6F2B590E C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxIndirectA 7642E8C9 5 Bytes JMP 6F2B57DD C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxIndirectW 7642E9C3 5 Bytes JMP 6F2B5772 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxExA 7642EA29 5 Bytes JMP 6F2B5710 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!MessageBoxExW 7642EA4D 5 Bytes JMP 6F2B56AE C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] USER32.dll!keybd_event 7642EC9B 5 Bytes JMP 6F2B6AD3 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] WS2_32.dll!WSASocketW + 6 75CC3D21 1 Byte [CC] {INT 3 }
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] ole32.dll!OleLoadFromStream 75DE5B88 5 Bytes JMP 6F2B5B74 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] ole32.dll!CoCreateInstance 75E357FC 5 Bytes JMP 6F168595 C:\Windows\system32\ieframe.DLL (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] SHELL32.dll!SHChangeNotification_Lock + 45BE 76C0B3D8 4 Bytes [11, 36, 1A, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[5196] SHELL32.dll!SHChangeNotification_Lock + 45C6 76C0B3E0 8 Bytes [5F, 35, 1A, 70, D0, 73, 19, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [70193932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70191ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7018C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70193B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [7019595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [701947A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [70194EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [70191D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7018F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70189F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [70191BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [701906BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7018FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [70191ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [70191A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [70190043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [70190CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [70193932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [70191BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70189F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [701906BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4440] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70189F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [7018DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [701906BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [70193932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [7018DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [7018DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [70190571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70189F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [70191D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [7018DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [701941F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [7019595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [70194735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [70194B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [70191BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [70191A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [7019823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [701989C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [70198584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [70197E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [70198CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [701990D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [70197C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [70198D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [70197F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [7019794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [70197D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [70198898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [701986C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [70198760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [70197EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [70199B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [7019958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [701999D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [70198026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [70197F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [70197AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [701997FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [70197BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [70199C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [701998B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [701977ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [701996FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [701981EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [701980BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [70198286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [70198D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [70197DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [70198F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [7019892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [70199A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [701992E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [70199E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [70198E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [70197B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [70199029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [7019789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [701983BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [7019861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [70198A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [70198454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [701984EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [70199974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [70198EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [7018D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [70190F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [70191904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7019141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [70191A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [701909C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7018FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [7018F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [7018F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [701927FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [70191BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7018F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [7018EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [7018E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [70192ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [701927DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [7018E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [70190043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [7018EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5196] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70189F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\tdx \Device\Tcp OAmon.sys

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\tdx \Device\RawIp6 OAmon.sys
Device \Driver\tdx \Device\Tcp6 OAmon.sys
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\tdx \Device\Tdx OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS

Device \Driver\tdx \Device\RawIp OAmon.sys

AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS

Device \Driver\tdx \Device\Udp6 OAmon.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????&??? 0??????&??????????STORAGE\VolumeSnapshot????????N????????????D????{00000000-0000-0000-0000-000000000000}??????????#???????????????????????????????? ????????????????????????????????????????????????????????????????N??????-?????D1D??{00000000-0000-0000-0000-000000000000}??????????????????? ?????????????????????1??L??????? ? ???????????????????????? ?????????????????????1????????????&????????????????????F??? ???????????????????;?,??????6?4???????????????????????????????????????????????????? ?????????????????????????????????s????? ?????????????????????,?????????????????f??? 0?????????????????STORAGE\VolumeSnapshot???1??????????? ??????????????????sh????????????????N??????-????D?????{533c5b84-ec70-11d2-9505-00c04f79deaf}??????? ???????????????????????????? ?6?????????????X??????&???&????????X?????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0001?????????????????????? ???????/??????????????????????^???Y???????????????????????????????????????????????????? ?????????????????????????????????/???/???????????



When I tried to install VIPRE, these are the install files:


#2 Kaptain Petey

Posted 19 November 2010 - 02:35 PM

Hello Computer Guys,
I have tried just about everything I can think of that you have suggested. I have 12 different systems that have been hit hard by this nasty bug. It has driven me to ask you guys for help or suggestions on what I need to do. Below are some of the files that I have copied using ComboFix, Malwarebytes and a few others. I would really appreciate some experienced help. I am lost. I have tried to reformat the hard drives, put different operating systems from Windows 7 to Windows 98... bought most of these computers from eBay. I even went and bought a few new ones... only to be hit by the nasty rootkit again. I have tried to clean the hard drives but was not really successful with that either. This thing likes to hide in my memory, PCI video cards, PCI sound cards, as well as my keyboards, Bluetooth and all... I am at your mercy and would much appreciate advice on what I need to do.
Thanking you in advance,
Respectfully,
Kurt Peterson


DDS (Ver_10-11-10.01) - NTFSx86
Run by Amd240 at 1:46:56.17 on Thu 11/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.1890 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Program Files\Online Armor\a2\AVGate.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TrueCrypt\TrueCrypt Format.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TrueCrypt\TrueCrypt Format.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Amd240\Pictures\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\Amd240\Pictures\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [TrueCrypt Format] "c:\program files\truecrypt\TrueCrypt Format.exe" /acsysenc
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-11-24 32008]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-24 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-11-24 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-24 25000]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-11-24 76440]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-11-24 220760]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-11-24 78936]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-18 172032]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-11-24 6415608]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-14 69976]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-11-24 29120]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-11-24 26096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-24 189440]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-11-24 68696]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-11-24 1102848]
S2 DvmMDES;DeviceVM Meta Data Export Service; [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DRSMAF;DRSMAF;c:\users\amd240\appdata\local\temp\drsmaf.exe --> c:\users\amd240\appdata\local\temp\DRSMAF.exe [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2010-11-24 68696]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-11-24 94040]

=============== Created Last 30 ================

2010-11-25 06:18:07 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-25 06:18:07 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-25 06:18:07 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-25 06:18:07 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-25 06:18:07 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-25 05:27:51 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-11-25 05:03:31 90 ----a-w- c:\users\amd240\appdata\roaming\netstat.bat
2010-11-24 23:16:27 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-24 23:15:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-24 23:15:14 -------- d-----w- c:\windows\system32\Wat
2010-11-24 22:50:55 -------- d-----w- c:\windows\system32\appmgmt
2010-11-24 22:23:46 752128 ----a-w- c:\windows\system32\drivers\tdrpm270.sys
2010-11-24 22:23:42 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-24 22:15:27 -------- d-----w- c:\program files\mrfix
2010-11-24 21:29:36 -------- d-----w- c:\users\amd240\appdata\local\Diagnostics
2010-11-24 20:24:25 -------- d-----w- c:\progra~2\TrueCrypt
2010-11-24 20:14:54 -------- d-----w- c:\users\amd240\appdata\roaming\TrueCrypt
2010-11-24 20:14:01 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-11-24 20:13:57 -------- d-----w- c:\program files\TrueCrypt
2010-11-24 19:04:06 -------- d-----w- c:\users\amd240\appdata\roaming\GetRightToGo
2010-11-24 19:01:31 -------- d-----w- c:\windows\Panther
2010-11-24 17:24:35 -------- d-----w- c:\progra~2\PC Tools
2010-11-24 17:22:48 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-24 17:22:48 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-11-24 17:22:48 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-11-24 17:22:47 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-11-24 17:22:47 -------- d-----w- c:\program files\Prevx
2010-11-24 17:22:40 -------- d-----w- c:\progra~2\PrevxCSI
2010-11-24 17:09:19 -------- d-----w- c:\users\amd240\appdata\roaming\Sunbelt
2010-11-24 17:09:19 -------- d-----w- c:\progra~2\Sunbelt
2010-11-24 17:01:49 -------- d-----w- c:\users\amd240\appdata\roaming\Malwarebytes
2010-11-24 17:01:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 17:01:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 17:01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 17:01:32 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-24 16:59:10 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-11-24 16:59:09 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-11-24 16:58:56 68696 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-11-24 16:58:55 220760 ----a-w- c:\windows\system32\drivers\SbFw.sys
2010-11-24 16:58:51 -------- d-----w- c:\program files\Sunbelt Software
2010-11-24 16:50:54 -------- d-----w- c:\users\amd240\appdata\roaming\OnlineArmor
2010-11-24 16:50:54 -------- d-----w- c:\progra~2\OnlineArmor
2010-11-24 16:50:03 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2010-11-24 16:50:03 29120 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-11-24 16:50:03 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-11-24 16:50:03 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-11-24 16:50:01 -------- d-----w- c:\program files\Online Armor
2010-11-24 16:41:01 89088 ----a-w- c:\windows\MBR.exe
2010-11-24 16:41:00 256512 ----a-w- c:\windows\PEV.exe
2010-11-24 16:36:09 0 ----a-w- c:\windows\ativpsrm.bin
2010-11-24 16:27:24 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-24 16:27:15 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-24 16:24:45 -------- d-----w- c:\users\amd240\appdata\local\ATI
2010-11-24 16:22:16 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-24 16:20:23 -------- d-----w- c:\users\amd240\appdata\local\Downloaded Installations
2010-11-24 16:19:36 -------- d-----w- c:\progra~2\Norton
2010-11-24 16:18:54 -------- d-----w- c:\program files\NortonInstaller
2010-11-24 16:18:54 -------- d-----w- c:\progra~2\NortonInstaller
2010-11-24 16:17:34 868352 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2010-11-24 16:17:34 76288 ----a-w- c:\windows\system32\nQPropPageExt.dll
2010-11-24 16:17:34 75776 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2010-11-24 16:17:34 71680 ----a-w- c:\windows\system32\nQAPO.dll
2010-11-24 16:17:34 68608 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2010-11-24 16:17:34 502272 ----a-w- c:\windows\system32\VIASysFx.dll
2010-11-24 16:17:34 211456 ----a-w- c:\windows\system32\Dts2APO.dll
2010-11-24 16:17:34 181248 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2010-11-24 16:17:34 1102848 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2010-11-24 16:17:10 -------- d-----w- c:\program files\VIA
2010-11-24 16:16:14 -------- d-----w- c:\windows\system32\wbem\Performance
2010-11-24 16:15:58 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-11-24 16:15:38 -------- d-sh--w- c:\windows\Installer
2010-11-24 16:15:19 -------- d-----w- c:\program files\ATI Technologies
2010-11-24 16:15:17 -------- d-----w- c:\program files\ATI
2010-11-24 16:13:50 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-11-24 16:13:50 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-24 16:13:38 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-11-24 16:13:38 -------- d-----w- c:\program files\Realtek

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 1:54:30.95 ===============
Attached File: Gmer, DDS, Logs.zip (17.45KB)

Edited by Orange Blossom, 19 November 2010 - 09:03 PM.
Merged topics. ~ OB


#3 Casey_boy

Posted 28 November 2010 - 01:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#4 SpySentinel


Posted 03 December 2010 - 10:52 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me a PM.

This applies only to the original topic starter. Everyone else please begin a New Topic.